Full Disclosure mailing list archives
Metasploit Pro Includes a 4 year old Java Runtime with 223 vulnerabilities 53 being critical
From: Anthony Cicalla <anthony.cicalla () clearwatercompliance com>
Date: Mon, 30 Sep 2019 16:32:57 +0000
A ticket was created with Rapid7 more than two months ago now regarding the 4 year old java library that is being included with Metasploit Pro. The library is responsible for 53 critical vulnerabilities in our scans. After 3 months the library has not been updated. Status<https://10.213.213.1:3780/vulnerability/yui-dt1-href-status> Protocol<https://10.213.213.1:3780/vulnerability/yui-dt1-href-protocol> Port<https://10.213.213.1:3780/vulnerability/yui-dt1-href-port> Key<https://10.213.213.1:3780/vulnerability/yui-dt1-href-vkey> Proof Last Scan<https://10.213.213.1:3780/vulnerability/yui-dt1-href-lastScanDate> Exceptions Vulnerable Version - - /opt/metasploitpro/java/lib/rt.jar Vulnerable software installed: Oracle JRE 1.8.0.60 (/opt/metasploitpro/java/lib/rt.jar) Sep 28th, 2019 Sincerely, Anthony Cicalla, CEH, CISSP, GSNA, CHP, CSCS, MCP, NCA, MPCS | Principal Consultant <https://t.sidekickopen70.com/s1t/c/5/f18dQhb0S1KL8bGch0W2n0x6l2B9nMJW7t6jvP7dSlJsN3M2drY1WLz4f1B1WwK03?t=http%3A%2F%2Fwww.clearwatercompliance.com%2F&si=5699537312153600&pi=4095cd8d-494c-4711-a111-39af6b0434c6> Anthony.Cicalla () clearwatercompliance com<mailto:Anthony.Cicalla () clearwatercompliance com> O: 615-800-8007 | M: 415.937.2985 www.clearwatercompliance.com<https://t.sidekickopen70.com/s1t/c/5/f18dQhb0S1KL8bGch0W2n0x6l2B9nMJW7t6jvP7dSlJsN3M2drY1WLz4f1B1WwK03?t=http%3A%2F%2Fwww.clearwatercompliance.com%2F&si=5699537312153600&pi=4095cd8d-494c-4711-a111-39af6b0434c6> This message has been sent by a Privacy, Security, Compliance and Information Risk Management solutions firm and may contain information that is confidential and/or privileged. If you are not the intended recipient, please advise the sender immediately by reply email and delete this message and any attachments without retaining a copy. Please advise immediately if you or your employer do not want us to use Internet email for future messages of this kind. Thank you.
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Metasploit Pro Includes a 4 year old Java Runtime with 223 vulnerabilities 53 being critical Anthony Cicalla (Oct 01)